{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97649?format=json","vulnerability_id":"VCID-pr53-j3y1-5yd8","summary":"insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal risk, was never exploited, and had limited impact. A fix was implemented promptly on May 3, 2025.","aliases":[{"alias":"CVE-2025-46826"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46826","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55805","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55928","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55941","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55926","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46826"},{"reference_url":"https://github.com/INSAgenda/insa-auth/commit/8c1e68b2fb55aa952f522ead55a6587526982a2c","reference_id":"8c1e68b2fb55aa952f522ead55a6587526982a2c","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/S:N/AU:Y/R:A/V:D/RE:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T13:41:37Z/"}],"url":"https://github.com/INSAgenda/insa-auth/commit/8c1e68b2fb55aa952f522ead55a6587526982a2c"},{"reference_url":"https://github.com/INSAgenda/insa-auth/commit/b0e7508e6ca4360e39fb1fd931f8d47b1f992ced","reference_id":"b0e7508e6ca4360e39fb1fd931f8d47b1f992ced","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/S:N/AU:Y/R:A/V:D/RE:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T13:41:37Z/"}],"url":"https://github.com/INSAgenda/insa-auth/commit/b0e7508e6ca4360e39fb1fd931f8d47b1f992ced"},{"reference_url":"https://github.com/INSAgenda/insa-auth/commit/c77cf2e25778f83ebf5c4fdb4ded3ffcc8cfd74d","reference_id":"c77cf2e25778f83ebf5c4fdb4ded3ffcc8cfd74d","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/S:N/AU:Y/R:A/V:D/RE:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T13:41:37Z/"}],"url":"https://github.com/INSAgenda/insa-auth/commit/c77cf2e25778f83ebf5c4fdb4ded3ffcc8cfd74d"},{"reference_url":"https://github.com/INSAgenda/insa-auth/security/advisories/GHSA-63xr-gvjv-r6xv","reference_id":"GHSA-63xr-gvjv-r6xv","reference_type":"","scores":[{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/S:N/AU:Y/R:A/V:D/RE:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T13:41:37Z/"}],"url":"https://github.com/INSAgenda/insa-auth/security/advisories/GHSA-63xr-gvjv-r6xv"}],"weaknesses":[{"cwe_id":601,"name":"URL Redirection to Untrusted Site ('Open Redirect')","description":"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks."}],"exploits":[],"severity_range_score":"1.3 - 1.3","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pr53-j3y1-5yd8"}